Prime Learning

CGRC blueprint

CGRC exam domains

The ISC2 blueprint defines 7 domains for 2024 exam outline.
View practice test Certification overview
ProviderISC2
Exam codeCGRC
Exam standard2024 exam outline
Domains7

How to use the exam blueprint

Treat every domain as a required area of competence, then use its linked objectives to define exactly what to learn and practice. Published weights indicate relative exam emphasis, not permission to ignore lower-weight areas.

Prepare by objective and decision

Review the knowledge behind each objective, apply it in scenarios or practical work, and use targeted questions to test the decision being measured. Move to timed simulation only after the complete blueprint has been covered.

1 linked objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Covers Establish and operate security, privacy, risk, and compliance governance..

1 linked objectives

Scope of the System

Covers Define system boundaries, stakeholders, information, and requirements..

1 linked objectives

Selection and Approval of Framework, Security, and Privacy Controls

Covers Select and obtain approval for applicable frameworks and controls..

1 linked objectives

Implementation of Security and Privacy Controls

Covers Coordinate implementation and documentation of security and privacy controls..

1 linked objectives

Assessment and Audit of Security and Privacy Controls

Covers Plan and evaluate control assessments and audits..

1 linked objectives

System Compliance

Covers Support authorization, compliance decisions, and risk acceptance..

1 linked objectives

Compliance Maintenance

Covers Monitor changes and maintain continuous compliance..